
> ------------ below PHP code:
> save the code below in the same folder to a file called, in our example, contactme.php
> the name MUST be identical to the one in the form itself !!!!
> if you save into ANOTHER folder, then adapt the path of "action=contactme.php" above
>
> giving a full detailed working example of a better PHP contact-form might be helpful if you know any better.
> you are welcome to share your expertise.

I'm sorry to say my ken of RFCs 822, 2822 and 2821 is too poor to fully understand all the security issues. For that reason, I wouldn't be able to recommend a script, but I can sure as hell spot one that has done nothing to secure against email injection exploits.

I wrote one a couple of years ago; it has been deployed on hundreds of sites and to my knowledge it has never been exploited by spammers (and my logs indicate that they have tried).

The example above is very bad and could be exploited in so many ways. Do not use it ever! It would take about 30 seconds to set up an XSS exploit that would be capable of spewing out spam by the bucketload.

An example this bad is far worse than no example at all - because of its serious flaws.

> giving a full detailed working example of a better PHP contact-form might be helpful if you know any better.
> you are welcome to share your expertise.

the problem is that you can simply add "fakesender@yahoo.com \r\n bcc:sendmespam@yahoo.com" into your sender field and your form will fire 2 emails out. "\r\n" adds another line to the email header and bcc:sendmespam@yahoo.com is your spam target. to fix that, you should check the string for a valid email at least:

> I wrote one a couple of years ago; it has been deployed on hundreds of sites and to my knowledge it has never been exploited by spammers (and my logs indicate that they have tried).
>
> The example above is very bad and could be exploited in so many ways. Do not use it ever! It would take about 30 seconds to set up an XSS exploit that would be capable of spewing out spam by the bucketload.
>
> An example this bad is far worse than no example at all - because of its serious flaws.

is there a particular reason why you don't want to share your contact form with us HERE in the DP forum??
maybe your form is exactly what we all are waiting for - a better working, more secure form.

btw
I have used the one posted for more than a year, and a few other sites as well,
and it has never been exploited so far.
the risk of getting killed by a car out in the streets or poisoned by bad food was a far greater concern to me than email spam that might eventually one day come or never occur.
my site has been abused by hackers and I have learned to act on intrusion - my host cares as well.

to a test sender's address
and see that, just by the definition of the field size in the simple form, insufficient space is defined to add even one more email address - unless of course both sender and spam-recipient were very short

hence for the time being I prefer to keep simple things simple and focus on quality instead. a host also has tools to prevent OUT-going spam since all is going through the host's local mail system. I enjoy the world's largest host and have been quite happy for 2 years.

the hackers I had once a while ago used other - far more professional - methods to do their jobs. that was serious security stuff and I spent some 2 weeks full time studying and solving the security issue.
since then my host has installed a 2nd security monitoring system just for my site (and maybe others as well) to monitor live all attempts of site intrusion. successful teamwork so far.

falcondriver

I haven't figured out how to add the lines you posted. it seems they are NOT for the form and PHP posted on this page and need further changes of variables. I am - like so many - NO coder at all, just a user of the web for successful web publishing.
the regex looks good and may make sense - maybe you could further explain HOW exactly to use the lines with the form code posted HERE in this thread to make a simple contact form secure.

> to a test sender's address
> and see that, just by the definition of the field size in the simple form, insufficient space is defined to add even one more email address - unless of course both sender and spam-recipient were very short

noooo, you got it all wrong!
it's only your browser that limits the input field. there are plenty of programs out there that read the available fields from a webpage and let the spammer fill in every value they want, without a limit (unless you verify the input in your sender script via PHP).
and you don't insert "\r\n" into this value, this is just how you write breaks in PHP (like "line 1\r\nline2"). if you want to insert multiple lines into a plain input field just write the lines separated with a "return key" in an editor like Notepad, press ctrl+a and ctrl+c and paste it into the input field via ctrl+v, that's all!

> hence for the time being I prefer to keep simple things simple and focus on quality instead. a host also has tools to prevent OUT-going spam since all is going through the host's local mail system. I enjoy the world's largest host and have been quite happy for 2 years.
>
> the hackers I had once a while ago used other - far more professional - methods to do their jobs. that was serious security stuff and I spent some 2 weeks full time studying and solving the security issue.
> since then my host has installed a 2nd security monitoring system just for my site (and maybe others as well) to monitor live all attempts of site intrusion. successful teamwork so far.
>
> falcondriver
>
> I haven't figured out how to add the lines you posted. it seems they are NOT for the form and PHP posted on this page and need further changes of variables. I am - like so many - NO coder at all, just a user of the web for successful web publishing.
> the regex looks good and may make sense - maybe you could further explain HOW exactly to use the lines with the form code posted HERE in this thread to make a simple contact form secure.

like I said, this was just an easy function to check for a correct email address. you can find what you need at http://www.php.net/manual/en/function.mail.php (scroll down to the user comment "rsjaffe at gmail dot com 23-May-2006 08:23 Here's my way of detecting an attempt to hijack my mail form.").

and you SHOULD always secure your mail fields. some people tried to use my form for spam maybe 20x in the last 12 months, and I only know it because I get an extra email with the used mail header every time someone uses my form. how would you know that your form is abused with your plain mail($myemail, $senderfield, $subject, $text) function?
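As an added example (not falcondriver's script and not the form posted in this thread), here is a PHP contact-form handler that applies the two points made in the posts above: the sender field is validated as a single e-mail address and refused if it carries a CR or LF (so the "\r\n bcc:" trick described earlier cannot add a header line), the subject gets the same check, and every refused submission is logged so you can see when the form is being probed. It uses PHP's built-in FILTER_VALIDATE_EMAIL instead of a hand-written regex; the recipient address, the field names, the From mailbox and the log path are assumptions, and the array form of mail()'s headers argument needs PHP 7.2 or later.

```php
<?php
// Added example, not the form from this thread. Recipient, field names,
// From mailbox and log path are assumptions; needs PHP 7.2+ (array headers).
declare(strict_types=1);

$to  = 'owner@example.com';                // assumption: site owner's mailbox
$log = __DIR__ . '/rejected-contact.log';  // assumption: log of refused requests

// Form fields must be plain strings; a sender[]=... array is treated as empty.
function field(string $name): string
{
    $v = $_POST[$name] ?? '';
    return is_string($v) ? $v : '';
}

// A CR or LF anywhere in a header-bound field is what starts a new header
// line (e.g. an extra Bcc:), so refuse the whole submission if one is present.
function has_crlf(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Accept exactly one syntactically valid address; the validator also rejects
// embedded spaces, which the injected text quoted in this thread relies on.
function valid_sender(string $value): ?string
{
    if (has_crlf($value)) {
        return null;
    }
    $value = trim($value);
    return filter_var($value, FILTER_VALIDATE_EMAIL) === false ? null : $value;
}

$sender  = valid_sender(field('sender'));
$subject = field('subject');
$body    = field('message');

// The subject becomes a header line too, so it gets the same CRLF check.
if ($sender === null || has_crlf($subject)) {
    // Keep the raw submission: a bare mail() call never tells you the form is abused.
    $entry = date('c') . ' ' . ($_SERVER['REMOTE_ADDR'] ?? '-')
           . ' ' . json_encode($_POST) . PHP_EOL;
    file_put_contents($log, $entry, FILE_APPEND | LOCK_EX);
    http_response_code(400);
    exit('Invalid sender address.');
}

// From stays a fixed local mailbox and the visitor goes in Reply-To, so the
// server never sends "as" whatever address was typed into the form.
mail($to, $subject, $body, [
    'From'     => 'contact-form@example.com',  // assumption: a mailbox on this host
    'Reply-To' => $sender,
]);
```

Rejected requests end up in rejected-contact.log with the client address and the submitted fields, which gives the same visibility into abuse attempts that falcondriver gets from his extra notification mail.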

or even easier, make the form using the wizard that can be found in most cPanel installations. after it's done, copy the form link, insert the link into an inline frame of the page you intend to put the form in, and wallaaa, there you have it.